The New York Times reports that security researchers and hackers have already found serious flaws in Vista. So far, Vista has only been released to some corporate customers and not yet to the general public.

On December 15, a Russian programmer revealed a flaw that makes it possible increase a user’s privileges. Since Vista’s greatest improvements in security involve having users run under accounts with restricted privileges for security reasons, it is a major blow. Later, a Silicon Valley security firm discovered five additional flaws, one in Windows Internet Explorer 7.

Being that the company still has some time, hopefully it will be able to roll out an update repairing these flaws. Microsoft is counting on Vista to be a moneymaker for them. We’ve commented on its lack of significant impact…although like everyone, we’ll eventually have to give in and buy it as support for XP is eventually discontinued.

Lifehacker recently gave us the idea of discussing battery backup. Uninterruptible Power Supplies, or UPSes, are battery-backup power strips. There is no reason why your computers and your electronics should not be on these devices, especially if you are in an area that suffers from brownouts, blackouts, and other power related issues.
The higher quality models include a feature called Automatic Voltage Regulation(AVR)…with it, the battery feeds all power to the system, which gives your electronics a constantly clean and regulated voltage. The cheaper ones will switch over to battery power only during a power failure. This is a nice addition to the good idea that you should surge protect all electronics. A UPS provides an extra layer of protection.

If you choose to go only with surge protection..do not skimp on it though. Make sure you get high quality components. For a UPS, the best known brand has always been APC. Their stuff is rather expensive though. For a bit more economy, go with Belkin. Make sure that it comes with a data cable and software to allow your computer to shut down neatly when it runs low on power.
We’ve tried some generic brands. We have a black rectangle burned into a pressboard desk from an Energizer UPS we bought after the big Northeast blackout that went kaput one weekend while we were away. Coming home to discover a melted UPS is rather scary. Independent reviews are a good way to weed out the poor quality ones.

All models are rated in VA. The higher the VA, the longer it will last. The estimates on the box are usually for computers, but we recommend you hook it up to other things. For example, we have an independent UPS hooked into our DSL modem and router assembly. Being that it draws much less power than a computer, it means our network will work for a good while in a power failure. If you have cordless phones, hooking them in may also be a good idea if you have a spare outlet on the UPS.

The best way to plan to upgrade your home with a series of Uninterruptable Power Supplies is to see what you want to keep running or allow to shutdown gracefully during a blackout and plan accordingly. For example, if you want to ensure your Digital Video Recorder(let’s say Tivo, for example), continues to record…you will need to have it plugged in. If it is hooked into a cable box, that will need power as well(assuming the cable or satellite company hasn’t lost power too).

Don’t forget that any appliance with a motor should not be plugged into a UPS(at least on the battery powered side). Those devices require a large burst of power.

Writing about this puts us in the mind to review our surge protection and UPS plans for our residence. Better safe than sorry.

We follow Bruce Schneier, a guru in the field of security of all types. Recently, he commented on the issues management has in understanding IT security. Management tends to see implementing IT security measures as a low priority. Security is a preventative measure…there is no easy way to point somewhere and show the profit made by implementing good security.

Security insures against loss. Perhaps there is a way to relate a cost-savings in insurance, but besides that, security is a drain on the bottom line, be it in a corporation or with an individual.

Individuals are the same when it comes to security. The managerial side of us has to ask the justification for spending money and time protecting against loss, while our IT side speaks of viruses, spyware, malware, and environmental disasters…

Data seems too intangible to people to see it as a valuable item, like the equipment protecting it, or jewelry which must be secured. Either way, we must force ourselves to listen to our IT people, or the IT voice in our head and protect our valuables…

In a recent article, we wrote on the subject of Password Security. We advocated creating a secure vault to store your passwords. As a recent article by CNET news indicates, sometimes you can take password security too far.
When William Talcot, a prominent poet, died in June…his daughter couldn’t notify most of his contacts because his email account and online address book were password protected. It is a not uncommon problem. As more and more information is kept on computer and on websites, the danger that in the event of an emergency or death this information will be inaccessible to loved ones is increasing.

Now, savvy attorneys are advising their clients to put passwords to things online into estate documents, and what they want to do with their electronic resources. The provisions governing the release of information from online providers in the event of death are not consistent amongst companies, and often require court intervention.

Our advice for safety in the event of death is as follows: We advised that passwords can be stored in a password vault program…our example is KeePass. KeePass uses one master file for your passwords. We recommend a copy of your password vault with the master password by placed with your estate files. Consider perhaps a safety deposit box for it. We recommend considering a bank safety deposit box as a backup site for a set of your backup media, updated periodically.

The important thing to remember, that in the event of your death or incapacitation, you need some provision for allowing a loved one to access your information to follow your instructions. You have to find the solution that works for you. It isn’t pleasant to think about, but we tend to find that the solution that requires the least amount of work to set up and maintain is the one you are most likely to follow through on.

Putting all your eggs in one basket is not a good idea. Keeping all your critical data on an item you keep on your person at all times, a USB drive, ensures that it is protected. However, it also means that your data is moving around and thus increases the number of places you could be parted from it.

Now, your USB drive may include a security program for encryption. If it does not, or you wish to use a program that will work on any drive and not just on the drive you purchased, try TrueCrypt. TrueCrypt creates a virtual encrypted disk within a file and mounts it as a disk. TrueCrypt can run in Traveller Mode, which allows it to not be installed on the Operating System. You will need administrative privileges in order to run it that way and records of the mount may be left on the computer, although the data will be secure.

For portable versions of various popular applications, visit Portableapps.com. It includes portable versions of the Firefox Web Browser and the Thunderbird Email Client, as well as an IM client, a portable version of OpenOffice, and so on. Our ideal portable applicatiion USB drive contains Openoffice, Firefox, Thunderbird, TrueCrypt, KeePass(which we mentioned in a previous post), and Miranda IM Portable. Our data USB drive contains KeePass, TrueCrypt, and our secure data.
In a future post, we will discuss how to install a bootable operating system on your USB drive, if you wish to go a step further in mobile security.
Just remember when using a USB drive with portable applications that they can spread viruses and malicious code in between computers. Scan your USB drive for viruses on a regular basis, especially when it has been in strange computers. Also, back up your USB files regularly to ensure your protection.

In our next security piece, we’ll discuss strategies for backing up your data.